The following message is a courtesy copy of an article that has been posted to bit.listserv.ibm-main,alt.folklore.computers as well.
[EMAIL PROTECTED] (Timothy Sipples) writes:
> In fairness, the DS6000 is physically relatively small, although I wouldn't
> want to carry one by myself on my bicycle. The spindles (individual
> drives) are even smaller, but you'd need a number of them to have a RAID
> set and the complete data. Tough but not impossible.
>
> I think the IT marketplace is in for a shock when people figure out that
> losing the keys means losing the data. It isn't like a bank vault where
> you can hire a locksmith to drill some holes over several days. It's so
> critical to store and manage the encryption keys in a safe, secure,
> recoverable repository.

can you say "key escrow"? ... this was one of the themes from the "key escrow" meetings from the mid-90s. however, there was a lot of confusion about what "key escrow" meant, i.e.

1) gov. held all keys?
2) institutions holding keys for their own data encryption (as an availability, business continuity and no-single-point-of-failure)?
3) all kinds of keys?, authentication as well as encryption

"1" got lots of bad press including all the swirl around clipper chip and things like LEAF

"3" authentication keys aren't really an availability issue ... and could violate some basic security principles regarding being able to associate all activities uniquely with individuals.

with all the bad press ... various key escrow activities sort of just evaporated

wiki reference:
http://en.wikipedia.org/wiki/Key_escrow

nist references
http://csrc.nist.gov/keyrecovery/

misc. past posts mentioning key escrow
http://www.garlic.com/~lynn/aadsm9.htm#pkcs12 A PKI Question: PKCS11-> PKCS12
http://www.garlic.com/~lynn/aadsm16.htm#11 Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel needed)
http://www.garlic.com/~lynn/aadsm18.htm#12 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm23.htm#6 PGP "master keys"
http://www.garlic.com/~lynn/2001c.html#65 Key Recovery System/Product
http://www.garlic.com/~lynn/2001h.html#7 PKI/Digital signature doesn't work
http://www.garlic.com/~lynn/2001i.html#36 Net banking, is it safe???
http://www.garlic.com/~lynn/2001j.html#52 Are client certificates really secure?
http://www.garlic.com/~lynn/2002d.html#39 PKI Implementation
http://www.garlic.com/~lynn/2003j.html#53 public key confusion
http://www.garlic.com/~lynn/2004i.html#12 New Method for Authenticated Public Key Exchange without Digital Certificates
http://www.garlic.com/~lynn/2006d.html#39 transputers again was Re: The demise of Commodore
http://www.garlic.com/~lynn/2006d.html#40 transputers again was Re: The demise of Commodore
http://www.garlic.com/~lynn/2007c.html#1 Decoding the encryption puzzle